Privacy International Files GDPR Complaints Against Oracle and Equifax
The privacy rights group filed complaints against seven companies for “wide-scale and systematic infringements” of data protection law.
Activist group Privacy International has filed complaints against data brokers, Acxiom and Oracle; ad-tech companies, Criteo, Quantcast and Tapad; and credit referencing agencies, Equifax, and Experian.
The group said it was urging data protection authorities in the UK, Ireland and France to investigate these companies and to protect individuals from the mass exploitation of their data.
A Privacy International spokesperson said: “Our complaints target companies that, despite exploiting the data of millions of people, are not household names and, therefore, rarely have their practices challenged.
“In tandem with the complaints, we have launched a campaign to seek to empower people and make it easier to demand that these companies delete our data.”
Privacy International said its complaints argue that the way these companies exploit people’s data, in particular for profiling, is in contravention of the General Data Protection Regulation (GDPR), which took effect on 25th May 2018.
The spokesperson said: “Our complaints are based on more than 50 Data Subject Access Requests to these companies, as well as information that these companies provide in their marketing materials and in their privacy policies.
“As such, our assertions are based on evidence that represents only the tip of the iceberg. We expect and anticipate the regulators will be able to delve more deeply into our concerns regarding wide-scale and systematic infringements of the GDPR. Privacy International is encouraged that the UK’s Information Commissioner’s Office (ICO) has issued assessment notices to Acxiom, Equifax, and Experian.
“We are asking the ICO to take into account our submissions in the context of their ongoing investigation and urge the ICO to widen its investigation to include Criteo, Oracle, Quantcast and Tapad.”
As part of Privacy International’s campaign, it claims to have made it easier for people to write to companies and demand they delete their data.
Privacy International legal officer, Ailidh Callander, said: “The data broker and ad-tech industries are premised on exploiting people’s data. Most people have likely never heard of these companies, and yet they are amassing as much data about us as they can and building intricate profiles about our lives. GDPR sets clear limits on the abuse of personal data.
“Privacy International’s complaints set out why we consider these companies’ practices are failing to meet the standard – yet we’ve only been able to scratch the surface with regard to their data exploitation practices. GDPR gives regulators teeth and now is the time to use them to hold these companies to account.
Privacy International’s data exploitation programme lead, Frederike Kaltheuner, said: “The world is being rebuilt by companies and governments so that they can exploit data.
“Without urgent and continuous action, data will be used in ways that people cannot now even imagine, to define and manipulate our lives without us being to understand why or being able to effectively fight back. We encourage journalists, academics, consumer organisations, and civil society more broadly, to further hold these industries to account.”